CNNVD-202506-1612 Information

CNNVD ID

CNNVD-202506-1612

Related CVE

CVE-2025-49146

• CNNVD Published: 2025-06-11

Description (Chinese)

pgJDBC是pgJDBC开源的一个PostgreSQL驱动。 pgJDBC 42.7.4至42.7.7版本存在授权问题漏洞，该漏洞源于通道绑定配置不当，可能导致中间人攻击。

Description (English)

pgJDBC is a PostgreSQL driver for pgJDBC open source. PgJDBC 42.7.4 to 42.7.7 has a mandate gap, which stems from the inappropriate configuration of the link, which may lead to attacks by intermediaries.

Hazard Level

Medium

Vulnerability Type

授权问题

Affected Vendor

pgJDBC

Published

2025-06-11

Last Modified

2026-02-24

References

https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54 https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0 https://www.oracle.com/security-alerts/cpujul2025.html https://vigilance.fr/vulnerability/PostgreSQL-JDBC-Man-in-the-Middle-dated-24-07-2025-47790 https://nvd.nist.gov/vuln/detail/CVE-2025-49146

Patch

https://jdbc.postgresql.org/download/